Author |
Message |
Forumdiva
Cadet
Joined: Mar 13, 2004
Posts: 5
Location: UK
|
Posted: Thu Apr 01, 2004 10:24 am Post subject: Delta Source Trojan |
|
|
Help!
Please see text below after TCP Port Scan:
ESTABLISHED CONNECTION: Possible DeltaSource Trojan found on port 6883.
The only problem I have is that a web site I have visited recently appears in my firewall outgoing connections when Outlook connects to my pop3 server. Log below.
OS Win2kPro, stand alone PC Office XP 2002.
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:42 pop.ntlworld.com POP3 Outbound TCP 1099 LocalHost 00:00:00 44 bytes 119 bytes 163
Allow activity for application SERVICES.EXE SERVICES.EXE 01/04/2004 13:58:42 cache2.ntli.net DNS Outbound UDP 1098 LocalHost 00:00:00 78 bytes 62 bytes 140
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:21 pop.ntlworld.com POP3 Outbound TCP 1095 LocalHost 00:00:21 0 bytes 0 bytes 0
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:30 www.vineycommunications.co.uk
Any help greatly appreciated.
Kind regards,
Christine. |
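Added example (not part of the original post, and not the firewall vendor's tooling): a Python parser for the firewall rows quoted above that lists connections made by the mail client where the logged service is not a mail protocol. The column layout, the `MAIL_SERVICES` set and the function names are assumptions inferred from the four rows shown.

```python
import re

# The four rows from the first post, copied as they appear
# (the last one is cut off on the page after the host name).
LOG = """\
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:42 pop.ntlworld.com POP3 Outbound TCP 1099 LocalHost 00:00:00 44 bytes 119 bytes 163
Allow activity for application SERVICES.EXE SERVICES.EXE 01/04/2004 13:58:42 cache2.ntli.net DNS Outbound UDP 1098 LocalHost 00:00:00 78 bytes 62 bytes 140
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:21 pop.ntlworld.com POP3 Outbound TCP 1095 LocalHost 00:00:21 0 bytes 0 bytes 0
Allow activity for application OUTLOOK.EXE OUTLOOK.EXE 01/04/2004 13:58:30 www.vineycommunications.co.uk
"""

# Assumed column layout: action, application (printed twice), date, time,
# remote host, then optionally service, direction, protocol, local port.
# The remaining columns (duration, byte counts) are ignored here.
ROW = re.compile(
    r"^(?P<action>\w+) activity for application (?P<app>\S+) \S+ "
    r"(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+)"
    r"(?: (?P<service>\S+) (?P<direction>\w+) (?P<proto>TCP|UDP) (?P<lport>\d+))?"
)

# Assumption: service labels a mail client is expected to produce.
MAIL_SERVICES = {"POP3", "SMTP", "IMAP"}


def parse(log):
    """Return one dict per row that matches the assumed layout; other lines are skipped."""
    rows = []
    for line in log.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def non_mail_rows(rows, mail_apps=("OUTLOOK.EXE",)):
    """Rows where a mail client reached a host with no mail service label."""
    return [
        (r["time"], r["host"], r["service"])
        for r in rows
        if r["app"] in mail_apps and r["service"] not in MAIL_SERVICES
    ]


if __name__ == "__main__":
    for when, host, service in non_mail_rows(parse(LOG)):
        print(f"{when} OUTLOOK.EXE -> {host} (service: {service or 'not logged'})")
```

A row listed here is only a candidate for review: it shows which process opened the connection and when, so it can be compared against the mail that was being opened or downloaded at that time.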
Prince_Serendip
AVPE Host
Premium Member
Joined: Sep 07, 2002
Posts: 1026
Location: Canada
|
Posted: Thu Apr 01, 2004 10:53 am Post subject: |
|
|
FYI: Malware-Info: Backdoor.Deltasource.07
The term Backdoor describes a specific group of Trojan Horses. As Trojans, they are not able to spread to other computers. Backdoors allow attackers full control over the victim's PC. Mostly they are split into 3 parts:
Server
The part which is put on the victim's PC and takes control over the PC.
Client
A little program used by the attacker to connect to the server and control the computer.
Editor
An additional tool to create the server program. It allows the attacker to create a unique server and allows him to set all options and rules for the server.
Backdoors are widespread today. They are one of the most dangerous software programs for users surfing the web beside Worms, Dialers, Spyware and Trojans.
You can download the 30-day trial of TrojanHunter. Run it. Then do the following:
Please follow these directions:
From Computer Cops get the Direct-Download of HijackThis. It's zipped.
Unzip the download (using a piece of software like Winzip). Create a folder in My Documents and unzip HijackThis into the new folder and run it from there.
Doubleclick on HijackThis.exe from the unzipped archive and press the "Scan" button.
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press this button, and save the log to the same folder as HijackThis.
IMPORTANT NOTE: Most of what HijackThis lists will be harmless or even required, so do NOT fix anything yet.
Next, go to the Spyware-HijackThis Forum and press "New Topic".
Be specific in explaining your issue. Please tell us what you are experiencing on your computer. For example, has it slowed down, getting weird pop-ups, homepage has been changed, etc? Then copy and paste the contents of your entire HijackThis log into your new topic thread.
Open the Log with Wordpad (for example), Press Ctrl + A to highlight all, then Press Ctrl + C to copy it. To put it in your post, position the cursor on the page and press Ctrl + V.
Someone here will be happy to help you analyze the results.
Best regards and Welcome to Computer Cops!
So how did you get infected in the first place?
PLEASE READ THIS BEFORE YOU POST:
Computer Cops: Spyware - HijackThis: Posting Guidelines
_________________
ASAP Expert | Please donate to Computer Cops! |
Forumdiva
Cadet
Joined: Mar 13, 2004
Posts: 5
Location: UK
|
Posted: Thu Apr 01, 2004 11:00 am Post subject: |
|
|
Hi & Thanks for the welcome & swift reply.
I've run TH & Stinger. Have McAfee running & up-to-date and so is the firewall.
Diva. |
Mariner
Site Moderator
Premium Member
Joined: Aug 25, 2003
Posts: 1904
|
Posted: Wed Apr 07, 2004 9:44 pm Post subject: |
|
|
You're welcome; glad we were able to help.
NOTE: This thread is now closed. Should you need it reopened, please PM a mod.
Everyone else having a similar issue, please launch a new topic for yourselves. |